AF Transformation 2011

Nov 3, 2013
Frank Konieczny
AF Chief Technology Officer
SAF/A6, Warfighting Integration and Chief Information Officer
March 2011

Integrity - Service - Excellence

Major Drivers

Security
- 98% of stolen records linked to criminals outside orgs (Verizon 2010 Data Breach Investigation Report)
- 73,000 new malware strains per day during the first quarter of 2011 (PandaLabs Q1 Report)

Funding
- Congress budgetary discussions
- $1B+ cut over the FYDP
- AF Efficiency Initiatives

Culture
- Airman expectations
- Social Networking
- Mobility

Technology
- Thousands of new products and services every year
- Global Providers
- IT Acquisition Reform

Efficiencies Transformations

- Implementing AF-wide enterprise core services (e.g., email)
- Consolidating data centers and associated servers
- Further consolidating AF IT purchases
- Reducing the number of AF firewalls, Internet gateways, and associated infrastructure, while maintaining or improving security
- Reducing commercial Satellite Communications (SATCOM) costs by centralized purchasing and provisioning of services
- Migrating current and developmental applications, services, and data to an AF standardized IT environment
- Reducing telecommunications costs by integrating voice, video, and data services on the network
- Unified Communication and Collaboration

Transforming System Development

Program-centric (As-Is) Infrastructure -> To-Be Infrastructure -> Transformation

  To-Be Infrastructure                         Transformation
  Web Services                                 Increased Flexibility; Reduced Duplication
  Enterprise Authentication & Authorization    Increased Security; AF-wide Access
  Virtualization                               Reduced HW Rqmts; Reduced Facilities Costs
  Blade Processors                             Reduce Data Center Rqmts
  Enterprise SW Licenses                       Increased Standardization; Reduced Cost
  Virtualized Storage                          Increased Responsiveness
  Enterprise Data                              Authoritative Data Sources; Data De-duplication

"Different development teams in the enterprise, if not properly guided or monitored, may tend to choose the path of least resistance or resort to technologies that they are familiar with, which can add to integration complexity." (Take Charge of Application Integration Chaos; A-G Magazine, 15 Sep 10)

[Diagram: as-is program-centric stacks (Program, Storage, Servers, Client Devices per program) versus the to-be Consolidated Enterprise IT Baseline: Reliable Messaging; Virtualization Layer; Blade Processors; Virtualized Storage; Enterprise Data; Windows; Linux; Authentication; Authorization; Web Services; Program Services; Metadata Environment; Work Flow; ... Based Configuration]

Transformation Cloud Services

Service layers shown: IaaS (System Infrastructure Services); PaaS (App Infrastructure Services); SaaS (Application Services); Information Services; Business Services. Also shown: Cloud Enablers; Management & Security.

- Investigating all service layers
- IaaS/PaaS architecture specified by the AF (standards, protocols, GOTS/COTS, web services, etc.)
- AF Consolidated Enterprise IT Baseline drives specification to ensure system networthiness
- AF determined SLAs
- Secured Hypervisor Concerns


Web Services Delivery Transformation

- Web services paradigm for optimizing development reuse and cloud performance/flexibility
- Web Services for accessing authoritative data sources
- Security Extensions
- Policy Based Access Controls
- ABAC/RBAC
- Authentication and Authorization at each access point for exposed web services
- Security challenge to "ensure" a secure (non-tampered) path from user to data source and back
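The bullets on policy based access controls (ABAC/RBAC) and on authentication and authorization at each access point describe a pattern rather than code. The following is an added illustration written for this page, not material from the deck or from any AF system: a small Python decision function that an exposed web service would call on every request, combining RBAC (a role must grant the operation) with ABAC (subject, resource and request attributes must satisfy every rule). All roles, attribute names, rules and sample principals are constructed for the example.

```python
"""Policy-based access control evaluated at a web-service access point.

Added example (not from the AF deck): RBAC decides whether any of the
subject's roles grants the operation; ABAC rules then check attributes of
the subject, resource and request. The check runs at each exposed service
endpoint, not once at the network boundary. Everything below is constructed.
"""
from dataclasses import dataclass

# RBAC: which roles grant which service operations (constructed).
ROLE_PERMISSIONS = {
    "parts_analyst": {"PartsInventory.read"},
    "parts_manager": {"PartsInventory.read", "PartsInventory.update"},
    "auditor": {"PartsInventory.read", "AuditLog.read"},
}

# Ordered classification levels used by the clearance rule (constructed).
CLEARANCE_RANK = {"UNCLASSIFIED": 0, "SECRET": 1}


@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: frozenset
    clearance: str
    authenticated_by: str   # how the identity was asserted, e.g. "PKI" or "password"


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str


@dataclass(frozen=True)
class Request:
    subject: Subject
    operation: str          # "<Service>.<operation>"
    resource: Resource
    source_network: str     # "enterprise" or "external"


def rbac_permits(subject: Subject, operation: str) -> bool:
    """At least one of the subject's roles must grant the operation."""
    return any(operation in ROLE_PERMISSIONS.get(role, ()) for role in subject.roles)


# ABAC rules: each returns a denial reason, or None when the rule is satisfied.
def clearance_rule(req: Request):
    if CLEARANCE_RANK[req.subject.clearance] < CLEARANCE_RANK[req.resource.classification]:
        return "subject clearance below resource classification"


def strong_auth_for_writes(req: Request):
    if req.operation.endswith(".update") and req.subject.authenticated_by != "PKI":
        return "write operations require PKI authentication"


def external_read_only(req: Request):
    if req.source_network == "external" and not req.operation.endswith(".read"):
        return "only read operations permitted from external networks"


ABAC_RULES = [clearance_rule, strong_auth_for_writes, external_read_only]


def decide(req: Request) -> tuple:
    """Return (permitted, reason); called by the service on every invocation."""
    if not rbac_permits(req.subject, req.operation):
        return False, f"rbac: no role of {req.subject.user_id} grants {req.operation}"
    for rule in ABAC_RULES:
        reason = rule(req)
        if reason:
            return False, f"abac: {reason}"
    return True, "permit"


# Constructed sample principals, resource and requests.
INVENTORY = Resource("PartsInventory", "UNCLASSIFIED")
MANAGER_PKI = Subject("m.jones", frozenset({"parts_manager"}), "SECRET", "PKI")
MANAGER_PW = Subject("m.jones", frozenset({"parts_manager"}), "SECRET", "password")
ANALYST = Subject("a.smith", frozenset({"parts_analyst"}), "UNCLASSIFIED", "PKI")


def sample_decisions() -> dict:
    return {
        "manager_update_pki": decide(Request(MANAGER_PKI, "PartsInventory.update", INVENTORY, "enterprise")),
        "manager_update_password": decide(Request(MANAGER_PW, "PartsInventory.update", INVENTORY, "enterprise")),
        "analyst_update": decide(Request(ANALYST, "PartsInventory.update", INVENTORY, "enterprise")),
        "analyst_read_secret": decide(Request(ANALYST, "PartsInventory.read", Resource("PartsInventory", "SECRET"), "enterprise")),
        "manager_update_external": decide(Request(MANAGER_PKI, "PartsInventory.update", INVENTORY, "external")),
    }


if __name__ == "__main__":
    for name, (ok, why) in sample_decisions().items():
        print(f"{name:26s} {'PERMIT' if ok else 'DENY  '} {why}")
```

The RBAC check is cheap and fails fast; the ABAC rules carry the context (authentication strength, source network, classification) that a role alone cannot express, which is why each exposed service evaluates them on its own rather than trusting that a caller got past a perimeter device.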




Defense in Depth Security Transformation

285 million records compromised in 2009 (Verizon 2010 Data Breach Report)

Full Spectrum Attacks, by layer:
- Data: Data Stolen/Altered
- Apps / S/W: Applications Compromised
- Network: Networks Still Targeted

Traditional Focus: the Network. Shifting Focus: Securing the "Work" of the Network in Addition to the Network.


End-End Security [WS-Security]

[Diagram: Client Application (Service Invoker) -> UNTRUSTED NETWORK with Intermediaries (SSL Endpoint; SSL Processor or HTTP Service) -> Service Provider (Service Implementation Code). The client and service stacks are Application, SOAP, HTTP, TLS/SSL, TCP, IP, MAC; the intermediary stack is TLS/SSL, TCP, IP, MAC only.]

SSL: Integrity, Confidentiality

Web Services Security: Authentication, Integrity, Confidentiality, Non-Repudiation, Access Control (SAML); End-to-End 2-Way Authentication
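The slide contrasts SSL, which is terminated at the SSL endpoints inside the untrusted network, with WS-Security, which protects the message itself from the service invoker to the service implementation code. The following added Python example, written for this page and not taken from the deck or from any WS-Security implementation, models that difference: a SOAP-style request is signed at the client, passed through an intermediary that terminates and re-originates the transport protection, and verified at the service. The message-level signature is simplified to an HMAC over the whitespace-normalised Body (real WS-Security uses XML Signature with X.509 certificates and C14N canonicalization); the keys, the intermediary's modification and the request are all constructed.

```python
"""End-to-end message integrity versus hop-by-hop transport security.

Added example (not from the AF deck). Transport protection is modelled as a
per-hop integrity tag: the intermediary holds both hop keys because it
terminates each transport session, so it can read and rewrite the message
and re-seal it for the next hop. The message-level signature uses a key
shared only by client and service, so a rewrite is detected at the service.
The HMAC over the Body is a stand-in for a WS-Security XML Signature.
"""
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("wsse", WSSE_NS)

# Constructed keys: one end-to-end key, and one key per transport hop.
CLIENT_SERVICE_KEY = b"constructed-end-to-end-key"
HOP_KEYS = {"client->intermediary": b"constructed-hop-key-1",
            "intermediary->service": b"constructed-hop-key-2"}


def canonical_body(envelope_xml: str) -> bytes:
    """Serialise the SOAP Body with inter-element whitespace removed.
    A simplified stand-in for C14N: both ends must compute the same bytes."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    raw = ET.tostring(body, encoding="utf-8")
    return re.sub(rb">\s+<", b"><", raw).strip()


def sign_message(envelope_xml: str, key: bytes) -> str:
    """Client side: add a message-level signature over the Body to the Header.
    BodySignature is an illustrative element, not the real ds:Signature."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        root.insert(0, header)
    mac = hmac.new(key, canonical_body(envelope_xml), hashlib.sha256).digest()
    security = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
    sig = ET.SubElement(security, f"{{{WSSE_NS}}}BodySignature")
    sig.text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")


def verify_message(envelope_xml: str, key: bytes) -> bool:
    """Service side: recompute the Body signature and compare in constant time."""
    root = ET.fromstring(envelope_xml)
    sig = root.find(f"{{{SOAP_NS}}}Header/{{{WSSE_NS}}}Security/{{{WSSE_NS}}}BodySignature")
    if sig is None or not sig.text:
        return False
    expected = hmac.new(key, canonical_body(envelope_xml), hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(sig.text))


def transport_seal(msg: str, hop: str) -> dict:
    """Model of one transport-security hop (TLS-like): integrity tag keyed per hop."""
    tag = hmac.new(HOP_KEYS[hop], msg.encode(), hashlib.sha256).hexdigest()
    return {"hop": hop, "payload": msg, "tag": tag}


def transport_open(sealed: dict, hop: str) -> str:
    """Terminate a hop: the party holding that hop's key checks the tag."""
    if sealed["hop"] != hop:
        raise ValueError("message arrived on the wrong hop")
    expected = hmac.new(HOP_KEYS[hop], sealed["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("transport integrity check failed on " + hop)
    return sealed["payload"]


def intermediary(sealed: dict, tamper: bool = False) -> dict:
    """An SSL endpoint in the untrusted network: opens hop 1, may rewrite the
    message (constructed tampering: change the quantity), re-seals for hop 2."""
    msg = transport_open(sealed, "client->intermediary")
    if tamper:
        root = ET.fromstring(msg)
        root.find(".//Quantity").text = "1200"
        msg = ET.tostring(root, encoding="unicode")
    return transport_seal(msg, "intermediary->service")


def service_receive(sealed: dict) -> dict:
    """Service provider: the hop check passes whenever the intermediary re-sealed
    correctly; only the end-to-end signature reveals a rewrite in transit."""
    msg = transport_open(sealed, "intermediary->service")
    return {"transport_ok": True,
            "message_ok": verify_message(msg, CLIENT_SERVICE_KEY),
            "quantity": ET.fromstring(msg).find(".//Quantity").text}


# Constructed request: the client reserves 12 units of a part.
REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP_NS}">
  <soap:Body>
    <ReserveParts>
      <PartNumber>EX-0001</PartNumber>
      <Quantity>12</Quantity>
    </ReserveParts>
  </soap:Body>
</soap:Envelope>"""


def run(tamper: bool) -> dict:
    signed = sign_message(REQUEST, CLIENT_SERVICE_KEY)
    hop1 = transport_seal(signed, "client->intermediary")
    hop2 = intermediary(hop1, tamper=tamper)
    return service_receive(hop2)


if __name__ == "__main__":
    print(run(tamper=False))
    print(run(tamper=True))
```

In the tampered run the transport check still succeeds, because the intermediary legitimately owns the second hop's key; only the message-level check fails. That is the gap the slide's "end-to-end 2-way authentication" closes: the service needs evidence bound to the invoker's key, not to the last hop's.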


Communication/Collaboration Transformation

- Rich Presence: willingness, ability and preference of a user's communication; intelligent voice, messaging, time-sensitive task/doc routing
- Instant Messaging: one-click access and easy escalation to chat, voice and VTC
- Voice and Voice Conferencing: find contacts quickly, dial and easy escalation to VTC
- Unified Messaging: voicemail to email/vice versa; chat to e-mail
- Video P2P and VTC: simple initiation/easy escalation to conf (desktop and suite)
- Video Broadcast: commander's message, emergency message, etc.
- Desktop Collaboration: desktop sharing, briefings/presentations and file transfer
- Mobile User Access: smartphone, LMR, Web, bandwidth tolerant
- Cross Domain (security, functional)

[Image captions: ATRIX 4G; Dual Persona Playbook; Gesture Recognition]



Joint Aerial Layer Network (JALN) Initial Capabilities Document (ICD), AF OV-1

[Diagram: Single Integrated Network Environment. Platforms: F-35, F-22, F-15C, F-15E, F-16, F/A-18, A-10, B-1, B-2, B-52, KC-135, C-17, E-2, E-3, E-8, EC-130, RC-135, RQ-4, MQ-1/9, H-60, ERMP. Nodes: CRC, ASOC, ADC, CAOC, TOC, DCGS, JFACC, JFLCC, JFMCC, Tact'l Net Ops, Op Net Mgt. Relays and backbone: High Alt Gateway Relay, Mid Alt Gateway Relay, High Capacity Backbone. Satellites: MUOS, WGS, AEHF, Commercial. Links: Legacy TDLs, Advanced TDLs, Link-16, VMF, SADL, Voice. Environments: Permissive, Contested, Anti-access. Net enabled missions: Attack / Weapons, SOF, Nuclear Response, MAF, C2 ISR, ISR.]

We must be able to work between layers, between networks, and between environments when required.



How Do We Get There?

- Secure cloud computing solutions
- Guaranteed information assurance
- Consolidated Enterprise IT Baseline
- Library of capability-based services & applications
- Commoditization of Edge Devices
- Operational applications
- Reliability at reduced costs
- Industry Partnership

[Image caption: X-37B]

Questions